@awsless/awsless 0.0.282 → 0.0.283

package/dist/bin.js

@@ -755,6 +755,18 @@ var CommandSchema = z12.string().describe(`The script you want to execute when t
 var CodeSchema = LocalDirectorySchema.describe(`The code directory that will be deployed to your instance.`);
 var ConnectSchema = z12.boolean().describe("Allows you to connect to all instances with an Instance Connect Endpoint.");
 var EnvironmentSchema2 = z12.record(z12.string(), z12.string()).optional().describe("Environment variable key-value pairs.");
+var ActionSchema2 = z12.string();
+var ActionsSchema2 = z12.union([ActionSchema2.transform((v) => [v]), ActionSchema2.array()]);
+var ArnSchema2 = z12.string().startsWith("arn:");
+var WildcardSchema2 = z12.literal("*");
+var ResourceSchema2 = z12.union([ArnSchema2, WildcardSchema2]).transform((v) => v);
+var ResourcesSchema2 = z12.union([ResourceSchema2.transform((v) => [v]), ResourceSchema2.array()]);
+var PermissionSchema2 = z12.object({
+  effect: z12.enum(["allow", "deny"]).default("allow"),
+  actions: ActionsSchema2,
+  resources: ResourcesSchema2
+});
+var PermissionsSchema2 = z12.union([PermissionSchema2.transform((v) => [v]), PermissionSchema2.array()]).describe("Add IAM permissions to your instance.");
 var InstanceDefaultSchema = z12.object({
   connect: ConnectSchema.default(false)
 }).default({}).describe("Define the default settings for all instances in your stacks.");
@@ -766,7 +778,8 @@ var InstancesSchema = z12.record(
     code: CodeSchema,
     user: z12.string().default("ec2-user"),
     command: CommandSchema.optional(),
-    environment: EnvironmentSchema2.optional()
+    environment: EnvironmentSchema2.optional(),
+    permissions: PermissionsSchema2.optional()
   })
 ).optional().describe("Define the instances in your stack.");
 
@@ -3598,6 +3611,9 @@ var instanceFeature = defineFeature({
         actions: ["s3:GetObject", "s3:ListObjects", "s3:ListObjectsV2", "s3:HeadObject"],
         resources: [bucketName.apply((bucket) => `arn:aws:s3:::${bucket}/${name}`)]
       });
+      if (props.permissions) {
+        policy.addStatement(...props.permissions);
+      }
       ctx.registerPolicy(policy);
       const profile = new aws10.iam.InstanceProfile(group, "profile", {
         name,

package/dist/build-json-schema.js

@@ -475,6 +475,18 @@ var CommandSchema = z15.string().describe(`The script you want to execute when t
 var CodeSchema = LocalDirectorySchema.describe(`The code directory that will be deployed to your instance.`);
 var ConnectSchema = z15.boolean().describe("Allows you to connect to all instances with an Instance Connect Endpoint.");
 var EnvironmentSchema2 = z15.record(z15.string(), z15.string()).optional().describe("Environment variable key-value pairs.");
+var ActionSchema2 = z15.string();
+var ActionsSchema2 = z15.union([ActionSchema2.transform((v) => [v]), ActionSchema2.array()]);
+var ArnSchema2 = z15.string().startsWith("arn:");
+var WildcardSchema2 = z15.literal("*");
+var ResourceSchema2 = z15.union([ArnSchema2, WildcardSchema2]).transform((v) => v);
+var ResourcesSchema2 = z15.union([ResourceSchema2.transform((v) => [v]), ResourceSchema2.array()]);
+var PermissionSchema2 = z15.object({
+  effect: z15.enum(["allow", "deny"]).default("allow"),
+  actions: ActionsSchema2,
+  resources: ResourcesSchema2
+});
+var PermissionsSchema2 = z15.union([PermissionSchema2.transform((v) => [v]), PermissionSchema2.array()]).describe("Add IAM permissions to your instance.");
 var InstanceDefaultSchema = z15.object({
   connect: ConnectSchema.default(false)
 }).default({}).describe("Define the default settings for all instances in your stacks.");
@@ -486,7 +498,8 @@ var InstancesSchema = z15.record(
     code: CodeSchema,
     user: z15.string().default("ec2-user"),
     command: CommandSchema.optional(),
-    environment: EnvironmentSchema2.optional()
+    environment: EnvironmentSchema2.optional(),
+    permissions: PermissionsSchema2.optional()
   })
 ).optional().describe("Define the instances in your stack.");